nss: make crl_der allocated on heap

... and spell it as crl_der instead of crlDER
2014-07-04 00:36:21 +02:00 · 2014-07-04 00:36:21 +02:00 · caa4db8a51
commit caa4db8a51
parent 2968f957aa
1 changed files with 14 additions and 9 deletions
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
 }

 /* add given CRL to cache if it is not already there */
-static SECStatus nss_cache_crl(SECItem *crlDER)
+static CURLcode nss_cache_crl(SECItem *crl_der)
 {
  CERTCertDBHandle *db = CERT_GetDefaultCertDB();
-  CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0);
+  CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
  if(crl) {
    /* CRL already cached */
    SEC_DestroyCrl(crl);
-    SECITEM_FreeItem(crlDER, PR_FALSE);
+    SECITEM_FreeItem(crl_der, PR_TRUE);
    return CURLE_SSL_CRL_BADFILE;
  }

  /* acquire lock before call of CERT_CacheCRL() */
  PR_Lock(nss_crllock);
-  if(SECSuccess != CERT_CacheCRL(db, crlDER)) {
+  if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
    /* unable to cache CRL */
    PR_Unlock(nss_crllock);
-    SECITEM_FreeItem(crlDER, PR_FALSE);
+    SECITEM_FreeItem(crl_der, PR_TRUE);
    return CURLE_SSL_CRL_BADFILE;
  }

@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename)
  PRFileDesc *infile;
  PRFileInfo  info;
  SECItem filedata = { 0, NULL, 0 };
-  SECItem crlDER = { 0, NULL, 0 };
+  SECItem *crl_der = NULL;
  char *body;

  infile = PR_Open(crlfilename, PR_RDONLY, 0);
@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename)
  if(info.size != PR_Read(infile, filedata.data, info.size))
    goto fail;

+  crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
+  if(!crl_der)
+    goto fail;
+
  /* place a trailing zero right after the visible data */
  body = (char*)filedata.data;
  body[--filedata.len] = '\0';
@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename)

    /* retrieve DER from ASCII */
    *trailer = '\0';
-    if(ATOB_ConvertAsciiToItem(&crlDER, begin))
+    if(ATOB_ConvertAsciiToItem(crl_der, begin))
      goto fail;

    SECITEM_FreeItem(&filedata, PR_FALSE);
  }
  else
    /* assume DER */
-    crlDER = filedata;
+    *crl_der = filedata;

  PR_Close(infile);
-  return nss_cache_crl(&crlDER);
+  return nss_cache_crl(crl_der);

 fail:
  PR_Close(infile);
+  SECITEM_FreeItem(crl_der, PR_TRUE);
  SECITEM_FreeItem(&filedata, PR_FALSE);
  return CURLE_SSL_CRL_BADFILE;
 }